DETAILED ACTION

1. Claims 1-36 are pending in the application. 

2. Claims 1-36 have been rejected. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

3. Claims 1, 2, 6-8, 10-12 and 15 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Toh U.S. Patent No. 5,987,011. 

As to claims 1 and 24, Toh discloses an electronic memory circuit having network 
information stored therein. Toh discloses an electronic processor circuit that evaluates an 
excising signal received from the network control computer [column 6, lines 22-47]. Toh 
discloses that the excising signal contains information regarding a first router of the plurality of 
routers to be excised from the network. Toh discloses determining an authenticity of the 
excising signal [column 8, lines 23-48]. Toh discloses excising the first router when the excising
signal is authenticated. Toh discloses rerouting the excising signal to at least a second router of 
the plurality of routers when the excising signal is authenticated [column 9 line 14 to column 10 
line 7]. 

As to claim 2, Toh discloses that the electronic processor circuit excises the first router by 
adding the first router to information regarding routers stored in the electronic memory circuit. 
Toh discloses removing from the electronic memory circuit routing updates corresponding to the 
first router. Toh discloses removing the first router from a neighbor table stored in the electronic 
memory circuit when the first router is listed therein. Toh discloses recomputing a forwarding 
table to direct future routing [column 7, lines 42-67]. 

As to claim 6, Toh discloses that the electronic processor reinstates the first station when 
the communications router receives and verifies a reinstate message from the network control 
computer [column 8, lines 36-41]. 

As to claim 7, Toh discloses evaluating an excising signal received from the network control
computer. Toh discloses that the excising signal contains information regarding a second router 
of the plurality of routers to be excised from the network. Toh discloses determining an 
authenticity of the excising signal. Toh discloses excising the second router when the excising 
signal is authentic. Toh discloses rerouting the excising signal to at least a third router of the 
plurality of routers [column 19 line 17 to column 20 line 23]. 

As to claim 8, Toh discloses adding the second router to information regarding routers 
stored in a memory. Toh discloses removing from the communications router routing updates 
corresponding to the second router. Toh discloses removing the second router from a neighbor 
table of the communications router when the second router is listed therein. Toh discloses
recomputing a forwarding table [column 7, lines 42-67]. 

As to claims 10 and 11, Toh discloses evaluating a signal received through the 
transceiver from another network router. Toh discloses identifying which network router a 
signal has just been received from [column 15, lines 39-57]. Toh discloses determining if the 
network router is identified by the information regarding excised routers. Toh discloses 
discarding the signal when the router is listed. Toh discloses processing the signal when the 
router is not listed. Toh discloses processing the signal when the router is listed. Toh discloses 
recomputing the forwarding table [column 16, lines 1-15]. 

As to claim 12, Toh discloses removing the second router from information regarding 
non-compromised routers stored in a memory [column 7, lines 51-64]. Toh discloses removing 
from the communications router routing updates corresponding to the second router. Toh 
discloses removing the second router from a neighbor table of the communications router when 
the second router is listed therein [column 11, lines 46-65]. 

As to claim 15, Toh discloses the step of reinstating the second station when the 
communications router receives and verifies a reinstate message from the network control 
computer [column 12, lines 18-34].

4. Claim 16 is rejected under 35 U.S.C. 102(e) as being anticipated by Haas U.S. Patent No.
6,304,556 B1.

As to claim 16, Haas discloses a memory having network information stored thereon 
[column 7, lines 36-56]. Haas discloses a processor that operates the mobile station as a cluster 
head or cluster member station [column 8, lines 37-65]. Haas discloses that the processor 
evaluates an excising signal received from the network control computer, the excising signal
containing information regarding a first cluster head or cluster member station to be excised from 
the network; (iii) verifies the authenticity of the excising signal; (iv) excises the first cluster head 
or cluster member station when the excising signal is authentic; and (v) distributes the excising 
signal to at least a second cluster head or cluster member station [column 9, lines 32-63]. 

5. Claims 25 and 26 are rejected under 35 U.S.C. 102(b) as being anticipated by Li et al U.S.
Patent No. 5,473,599. 

As to claims 25 and 26, Li et al discloses authenticating in the first router a signal 
received from the control computer, the signal identifying at least one router to be cut-off from 
communicating with the network [column 6 line 58 to column 7 line 15]. Li et al discloses 
preventing the first router from communicating with the at least one cut-off router when the 
signal is authenticated [column 7, lines 16-29]. Li et al discloses redistributing the cut-off signal 
to each of the plurality of routers, except for the at least one cut-off router, and preventing each 
of the remaining routers from communicating with the at least one cut-off router. Li et al 
discloses that when a router receives a message from one of the plurality of routers, the router 
determines if the message is from the at least one cut-off router, and processes the message only 
when the message is not from the at least one cut-off router [column 8, lines 8-56]. 

6. Claims 27-35 are rejected under 35 U.S.C. 102(e) as being anticipated by Miriyala U.S.
Patent No. 6,618,377 B1.

As to claim 27, Miriyala discloses excising a compromised router from the network. 
Miriyala discloses determining whether messages transmitted between the plurality of routers are 
from the compromised router [column 6, lines 36-53]. 

As to claim 28, Miriyala discloses the step of reinstating the compromised router when it
becomes non-compromised [column 7 line 63 to column 8 line 3]. 

As to claim 29, Miriyala discloses that the plurality of routers are prevented from 
communicating with the compromised router [column 12, lines 20-32].

As to claims 30 and 31, Miriyala discloses that the determining step comprises consulting 
a data structure representing excised routers to determine if the router is noncompromised 
[column 12, lines 34-55]. 

As to claim 32, Miriyala discloses code to excise a compromised router from the 
network. Miriyala discloses code to verify that messages transmitted among the plurality of 
routers are from non-compromised routers. Miriyala discloses code to reinstate the 
compromised router when it becomes non-compromised [column 12, lines 20-32]. 

As to claims 33 and 34, Miriyala discloses receiving a message from one of the plurality 
of routers in the network. Miriyala discloses determining a router identifier for the router that 
just transmitted the message [column 13, lines 9-30]. Miriyala discloses determining whether 
the information regarding compromised routers in the network includes the router identifier. 
Miriyala discloses disregarding the message when the router is listed in the information 
regarding compromised routers. Miriyala discloses disregarding the message when the router is 
not listed in the information regarding non-compromised routers [column 13, lines 41-56]. 

As to claim 35, Miriyala discloses determining a compromised router of the plurality of 
routers in the network, as discussed above. Miriyala discloses excising the compromised router 
from the network, as discussed above. Miriyala discloses preventing the plurality of routers from 
communicating with the compromised router, as discussed above. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 3, 4, 9 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Toh U.S. Patent No. 5,987,011 as applied to claim 1 above, and further in view of Raz et al
U.S. Patent No. 6,529,515 B1.

As to claims 3, 9 and 13, Toh does not teach that the electronic processor circuit further 
causes a message to be transmitted to the network control computer and to disregard the excising 
signal each when the excising signal is not authentic. 

Raz et al teaches a message to be transmitted to the network control computer and to 
disregard the excising signal each when the excising signal is not authentic [column 8, lines 9-27].

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Toh so that a message would have been 
transmitted to the network control computer and to disregard the excising signal each when the 
excising signal is not authentic. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Toh by the teaching of Raz et al because it provides 
efficient use of network resources, without increasing the complexity of application 
development. Advantageously, it enables the safe execution and rapid deployment of new 
distributed management applications in a network layer. This active network approach can be
gradually integrated into, e.g., an otherwise conventional IP network, and allows smooth 
migration from conventional IP to programmable networks [column 3, lines 5-15]. 

As to claim 4, Toh as modified teaches that the electronic processor circuit further 
evaluates a signal received through the transceiver from another network router. Toh as 
modified teaches identifying which network router the signal has been received from [column
15, lines 18-37]. Toh as modified teaches determining if the network router is listed with the
information regarding excised routers. Toh as modified teaches discarding the signal when the 
router is listed. Toh as modified teaches processing the signal when the router is not listed 
[column 15, lines 39-57]. 

8. Claims 5 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Toh
U.S. Patent No. 5,987,011 as applied to claim 1 above, and further in view of Applied 
Cryptography (hereinafter Schneier). 

As to claims 5 and 14, Toh does not teach that the electronic processor circuit determines 
the authenticity of the excising signal using a public encryption key. 

Schneier teaches the use and benefits of public key encryption [pages 461-462]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Toh so that the electronic processor circuit would 
have determined the authenticity of the excising signal using a public encryption key. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Toh by the teaching of Raz et al because public-key is 
designed to resist chosen-plaintext attacks, their security is based both on the difficulty of 
deducing the secret key from the public key and the difficulty of deducing the plaintext from the
cipher text [page 462]. 

9. Claims 17-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Li et al
U.S. Patent No. 5,473,599 in view of Chaum U.S. Patent No. 4,947,430. 

As to claims 17, 19 and 22, Li et al discloses formulating in the control computer an 
excise signal indicating at least a second router to be excised from the network [column 5, lines 
26-39]. Li et al discloses adding the information identifying the second router to information 
regarding excised routers stored in memory of the first router, as discussed above. Li et al 
discloses removing from the first router routing updates corresponding to the second router. Li 
et al discloses removing information corresponding to the second router from a neighbor table of 
the first router when the second router is listed therein [column 6, lines 40-57]. Li et al discloses
recomputing a forwarding table in the first router. Li et al discloses redistributing the excise 
signal to each of the plurality of routers, except for the second router [column 10, lines 12-45]. 
Li et al discloses determining, in each of the plurality of routers when receiving a message from 
another one of the plurality of routers. Li et al discloses an identifier for the router from which 
the message is received and processing the message only when the information regarding excised 
routers does not include the identifier authentic [column 13, lines 31-61]. 

Li et al does not teach providing a digital signature of the control computer on the excise 
signal and transmitting the excise signal to the first router. Li et al does not teach verifying the 
signature on the excise signal in the first router. Li et al does not teach that the digital signature 
is validated using a public encryption key. 

Chaum teaches providing a digital signature of the control computer on the excise signal
and transmitting the excise signal to the first router. Chaum teaches verifying the signature on 
the excise signal in the first router [column 3, lines 29-42]. Chaum teaches that the digital 
signature is validated using a public encryption key [column 8, lines 27-46]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Li et al so that a digital signature would have been 
provided for the control computer. The digital signature would have been verified on the excise 
signal in the first router. The digital signature would have been validated using a public key. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Li et al by the teaching of Chaum because it requires 
consent every time the signature is verified and provides a binding signature that cannot be 
forged to authenticate a user [column 2, lines 36-46]. 

As to claims 18 and 23, Li et al teaches the steps of transmitting a message to the control 
computer from the first router and causing the first router to disregard the excise signal each 
when the excise signal is not authentic [column 14, lines 28-56]. 

As to claim 20, Li et al teaches the step of reinstating the excised second router, as 
discussed above. 

As to claim 21, Li et al teaches that a router disregards the message when the information 
regarding excised routers includes the identifier, as discussed above. 

10. Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over Miriyala U.S.
Patent No. 6,618,377 B1 as applied to claim 35 above, and further in view of Nessett et al
U.S. Patent No. 5,968,176. 

As to claim 36, Miriyala does not teach that the determining step comprises determining a
compromised router through embedded firewall functionality provided in each of the plurality of 
routers. 

Nessett et al teaches routers with firewall functionality provided in each of the plurality 
of routers [column 7, lines 48-55]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Miriyala so that a compromised router would 
have been determined through its embedded firewall functionality provided in each of the 
plurality of routers. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Miriyala by the teaching of Nessett et al because security 
functions placed in network interface cards, in switches, in routers, and in remote access systems, 
and provides a system administrator the opportunity to move firewall functionality out to the 
variety of devices in the networks to create a pervasive, multilayer firewall. Security features can 
be distributed in multiple layers to multiple devices, and managed using a coherent security 
policy management interface that provides a security administrator convenient and clear control 
over the security properties of the network. The distributed functionality, and convenient and 
clear control allow scaling advantages for firewalls that now exist only for systems such as 
distributed remote monitoring dRMON, or other sophisticated network systems that are directed
to single purpose functions [column 6, lines 12-26]. 



11. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Aravind K Moorthy
SUPERVISORY PATENT EXAMINER